SOLVED proxyAuth bug
When the protected page returns a 403, the proxyAuth login page front-end thinks that it's the login itself which failed and incorrectly shows the
Incorrect username or passwordmessage.
Hm we use the auth_request feature of nginx here, not sure if this can be fixed easily.
@nebulon actually, the login does happen correctly. I think it's just a pure front-end bug: the message should be printed only when the 403 happens on the /login request, not on the URL to which the browser is redirected.
BTW, it also seems /logout does not work properly
I can't quite see how this happens from a code perspective. The
Incorrect username or passwordmessage shown in the login form is only done in one place as a response to the POST request to validate the values. I don't see how the app is even involved at that point.
@nebulon The /login responds with a redirect. So the fetch from front end follows it because fetch defaults to following redirects (cf https://developer.mozilla.org/en-US/docs/Web/API/WindowOrWorkerGlobalScope/fetch ). You should specify the option to not follow automatically. (that's if you guys do use fetch)
This is great observation and indeed we do use
fetch()here. I've fixed it at https://git.cloudron.io/cloudron/dashboard/-/commit/0adcc2af4f83d369c238ecc515b00c62c291935d pending testing your case though.
@mehdi Do you have repo or test case I can test with?
@girish I do not have something ready to test.
It happened to me while packaging Transmission when I messed up the hosts whitelist in the Transmission config
You could try by running my Transmission package (which is almost ready :D), but modify this line https://git.cloudron.io/mehdi/transmission-app/-/blob/master/transmission/non-modifiable.settings.json#L4 with
However, it may be easier to just slap together a basic node or PHP app that just responds a 403 with a test content
Buggy behaviour I encountered: showing a login page. When trying to login, staying on the login page then displaying the
Incorrect username or passwordmessage .
Wanted behaviour: showing login page. When trying to login, redirecting to the
I've put a test app and tested this and it works now as expected with the applied fix.